Protect your account and devices from hackers and malware

Office 2016, Office for business, Office 365 Admin, Office 365 Small Business, Office 365 Small Business Admin

No one wants to become compromised by hackers or malware. Use this guidance to help you protect your accounts and devices.

Protect your accounts

It's important that you protect your accounts, whether it's a personal account such as a Microsoft account, or a work or school account that someone in your organization created for you.

Take precautions with sensitive info

Don't send emails that include sensitive information such as passwords, credit card numbers, passport numbers, or other government-issued identification such as a social security number or other tax-related identification.

Watch out for scams

Watch out for phishing attacks, which try to trick you into providing sensitive information or into clicking a malicious link or attachment.

Some phishing scams look like messages from what appears to be a legitimate source, such as a bank or an official-looking institution. The message invites you to sign in with your email address and password, but the sign-in page is actually a fake website. Other scams look like emails from someone you know that ask you to click a link or open an attachment.

Phishing messages usually have links or attachments. When you click the link in the message or open the attachment, your computer can become infected or an attacker can gain access to your content.

If you receive an email that looks even slightly suspicious, do the following:

Hover over the link and look for the name of the actual website the link is sending you to. Make sure it's what you expect and not misspelled.

Search for the legitimate website instead of clicking a link in the message.

If you receive a message from someone you know, but it looks a bit unusual, it could mean the sender's email account and contact list were compromised. Contact the sender directly, describe the mail you just received, and ask if it was legitimate.
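The hover check described above can be automated across every link in a message body. The following is an added example, not part of the original guidance or any Microsoft tool: it flags links whose visible text names one site while the link goes to another, and links whose domain is a near-miss spelling of a site you expect. The domains (reserved `.example` and `.test` names), the `trusted` list and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare(host):
    return (host or "").lower().removeprefix("www.")

def within(host, site):
    return host == site or host.endswith("." + site)

def check_links(html, trusted):
    """Return (reason, visible text, real host) for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = bare(urlsplit(href).hostname)   # where the link really goes
        shown = HOST_IN_TEXT.search(text)      # site named in the visible text
        if real and shown and not within(real, bare(shown.group(1))):
            findings.append(("text-shows-other-site", text, real))
        # Assumption: the last two labels approximate the registered domain.
        base = ".".join(real.split(".")[-2:])
        for site in trusted:
            if not within(real, site) and SequenceMatcher(None, base, site).ratio() >= 0.85:
                findings.append(("lookalike-of-" + site, text, real))
    return findings

# Constructed sample message body (reserved .example/.test domains).
SAMPLE = """<a href="http://contoso.example.login-check.test/signin">https://www.contoso.example/login</a>
<a href="https://support.contoso.example/help">contoso.example help center</a>
<a href="https://contos0.example/reset">Reset your password</a>"""
```

Calling `check_links(SAMPLE, ["contoso.example"])` reports the first and third links and leaves the genuine subdomain link alone.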

Use two-factor authentication

Two-factor authentication (2FA), also called two-step verification or multi-factor authentication (MFA), is an extra layer of security to ensure that only you are accessing your account. When you set this up, any time you sign in to your account from an unrecognized computer or other device, or if you add your account to an app or a service for the first time, you're prompted to verify that it's okay. The verification message can be sent via an authentication app such as the Microsoft Authenticator app on your smartphone, a text message, an email sent to an alternate address, or a phone call which requires you to enter a PIN.

If your work or school accounts are using Office 365, your Office 365 admin or IT department may have enabled this for all accounts in the organization. If so, you'll be prompted to take this extra step.

For a personal Microsoft account, you can set this up yourself and indicate your preferred verification method. For example, you can request verification from an authentication app such as the Microsoft Authenticator app, a text message, or an alternate email account.

Protect your password

Don't use the same password for all your accounts.

Make sure your password is strong and avoid using actual words. The current recommendations for strong passwords include at least 12 characters, a combination of upper and lowercase letters, at least one number from 0-9, and a symbol.

Tip: Third-party online services are available to help you generate and remember unique passwords for sites you visit regularly.

Protect your phone or tablet

Only run and install apps from a legitimate source such as the app store for your device.

If you're using Office 365, use Microsoft apps, which work better with Office 365 and are more secure.

Keep your devices, and any software or mobile apps you're using, up to date. Many of the updates you receive are security fixes, so be sure to install operating system updates and any software or app updates.

Protect a computer running Windows 10 or a Mac

The following are specific things you can do if your computer is running Windows 10, or if you have a Mac.

Turn on BitLocker device protection

BitLocker protects data when devices are lost or stolen. BitLocker Drive Encryption provides full disk encryption on Windows 10 PCs. If the device is lost or stolen, unauthorized users can't gain access to files on the protected drives, including files synced from OneDrive for Business.

Protect your PC with Windows Defender

When you start up Windows 10 for the first time, Windows Defender is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Defender uses real-time protection to scan everything you download or run on your PC. Windows Update downloads updates for Windows Defender automatically to help keep your PC safe and protect it from threats.

Turn on Windows Firewall

You should always run Windows Firewall even if you have another firewall turned on. Turning off Windows Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access.

Turn on firewall protection

Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you’re connected to the Internet or a network. Without this protection your Mac might be more vulnerable to unauthorized access.